Nasty ransomware is rampant. Darn it, we wake up week after week to another massive data breach 🙁 This week is was T-Mobile and over 40 Million impacted.
You and your work are impacted even when you may not be aware. Have found some resources to share to help you “in case”.
T-Mobile Impact
Lock your account! If you haven’t locked your account as yet, here are a few steps to do so that go beyond what was recommended on the T-Mobile site. Jack Morse on August 19, 2021 wrote about this on Mashable this week. He comments, “On Aug. 19, T-Mobile published a website dedicated to walking customers through its most recent (but certainly not first) data breach” and advises everyone to change their T-Mobile PIN.
To change your T-Mobile PIN:
- Log into your T-Mobile account
- Under the MY T-MOBILE drop-down menu, select My Profile > Profile Information
- Scroll down, and next to Change PIN select Edit
- Enter your new PIN twice, then select Save
FACT SHEETS & INFORMATION From CISA.Gov
Be aware of the threats ransomware present to all of us. Actions big and small are important for individuals and companies. Easy-to-use, straightforward information to help organizations and individuals better understand the threats from, and the consequences of, a ransomware attack.
General Ransomware
- Ransomware FBI Trifold
- This pamphlet provides FBI guidance on prevention, business continuity, and remediation.
- NIST’s Tips and Tactics: Preparing Your Organization for Ransomware Attacks
- This guidance from the National Institute of Standards and Technology (NIST) includes basic practices for protecting against and recovering from ransomware attacks.
- Ransomware General Security Postcard
- This postcard explains ransomware and provides ways to prevent and respond.
- Phishing General Security Postcard
- This postcard explains phishing and provides signs and tips to prevent attacks.
- Fact Sheet: Ransomware Threat to OT Assets
- For critical infrastructure owners and operators of industrial control systems, CISA published a Fact Sheet that provides information on the rising risk of ransomware to ICS and recommended actions to reduce the risk of becoming a victim as well as severe business or functional degradation should they fall victim.
- Ransomware: What It Is & What To Do About It
- A National Cyber Investigative Joint Task Force (NCIJTF) joint-seal ransomware fact sheet provides the public important information on the current ransomware threat and the government’s response, as well common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack.
- CISA Insights: Ransomware Outbreak
- This product lays out three sets of straightforward steps any organization can take to manage their risk. These recommendations are written broadly for all levels within an organization.
- Protect Your Center From Ransomware (poster)
- Public-safety answering points (PSAPs) or emergency call centers can personalize this poster for their organization to guard against the ransomware threat.
- How to Protect Your Networks from Ransomware
- Interagency technical guidance document aimed to inform Chief Information Officers and Chief Information Security Officers at critical infrastructure entities, including small, medium, and large organizations. The document provides an aggregate of existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.
Specific Ransomware Variants
- Fact Sheet: TrickBot Malware
- A CISA fact sheet released in conjunction with a joint CISA and FBI alert on the resurgence of TrickBot Malware. The fact sheet provides guidance on implementing specific mitigation measures to protect against this sophisticated malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. Attackers can use TrickBot to drop other malware, such as Ryuk and Conti ransomware, or serve as an Emotet download.
- Joint Cybersecurity Advisory: Darkside Ransomware
- Best practices for preventing business disruption from Darkside ransomware attacks.
- FBI Private Industry Notification: Egregor Ransomware
- The FBI first observed Egregor ransomware in September 2020. To date, the threat actors behind this ransomware variant claim to have compromised over 150 victims worldwide.
- FBI Flash: Mamba Ransomware
- Mamba ransomware has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Mamba ransomware weaponizes DiskCryptor—an open source full disk encryption software— to restrict victim access by encrypting an entire drive, including the operating system.
- Ryuk Variant Report
- Report on the Ryuk Variant.
- Qbot/Qakbot Malware Report
- Report on Qbot/Qakbot Malware.
Addressing the Risk of Ransomware to the Healthcare Sector
- For information about ransomware and healthcare, visit the Healthcare and Public Health Sector page.
Addressing the Risk of Ransomware to the Education Sector
- FBI Flash: Increase in PYSA Ransomware Targeting Education Institutions
- FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. PYSA, also known as Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems.
- FBI Public Service Announcement: Distance Learning
- The FBI is raising awareness for parents and caregivers of school-age children about potential disruptions to schools and compromises of private information, as cyber actors exploit remote learning vulnerabilities.
Addressing the Risk of Ransomware to Next Generation 911
A critical component of emergency communications are 911 centers–to include emergency communication centers (ECC), public safety answering points (PSAP), public safety communication centers (PSCC), emergency operations centers (EOC), and other public safety command centers.
Ransomware Investigation and Payments
- Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments
- This advisory alerts financial institutions to predominant trends, typologies, and potential indicators of ransomware and associated money laundering activities.
- FBI Cyber Investigative Response Key Considerations
- Key considerations from the FBI on conducting an investigation.
- Cyber Investigation Prep – General Audience (Handout)
- Preparation includes developing an incident response plan, and is key to an effective response that minimizes harm and expedites recovery. One way to accomplish that is to establish a point of contact with your local FBI field office. This document contains information about working with your local FBI office.
- Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments
- This U.S. Department of the Treasury’s Office of Foreign Assets Control highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.
Protecting Sensitive and Personal Information From Ransomware-Caused Data Breach
CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom.
Watch After You and Yours
For those who have kids in college, I’ve added a new page to my website that includes a link to a free checklist to download https://thelivingplanner.com/life-hacks-for-young-adults/
It’s important to me you have information to proceed with developing and implementing plans for you yours. Stuff happens – across all the areas of our lives. Protecting you takes some time and “elbow grease”. It can be done!
For additional information about me, check out my website: https://thelivingplanner.com Have questions, email me: Lynn@thelivingplanner.com
Take care of you –Lynn